
Aksum University

College of Engineering & Technology


Department of Computing-Information Technology

Information Assurance and Security


Chapter 3
Attack Types and Protection Schemes
 Categories of Attack Types and Security threats
 Threats of Information Security
 Malicious Security Threats
 viruses
 worms
 Trojan horses
 Spyware etc …
 Intrusion Detection
 Social Engineering
Attacks(Cont’d …)
 An attack is an act or action that exploits a vulnerability (i.e., an
identified weakness) in a controlled system.
 It is accomplished by a threat agent that damages or steals the
organization's information.
Categories of Attacks
 Interruption: An attack on availability
 Interception: An attack on confidentiality
 Modification: An attack on integrity
 Fabrication: An attack on authenticity
Computer System Security/Attacks
Attacks(Cont'd …)
Fig: Normal flow of information from Source to Destination, and the four attack patterns against it: Interruption, Interception, Modification, Fabrication
Attacks(Cont’d …)
 Brute force attack: trying every possible combination.
 Dictionary attack: selects specific accounts to attack and uses
commonly used passwords (i.e., the dictionary) to guide guesses.
 Denial-of-service (DoS): attacker sends a large number of
connection or information requests to a target.
 Target system cannot handle them successfully along with other,
legitimate service requests.
 May result in system crash or inability to perform ordinary
functions.
 Distributed denial-of-service (DDoS): coordinated from many
locations simultaneously.
Attacks(Cont’d …)
 IP Spoofing attack: technique used to gain unauthorized
access; intruder assumes a trusted IP address.
Attacks(Cont’d …)
 Man-in-the-middle attack: attacker monitors network packets,
modifies them, and inserts them back into network.
Attacks(Cont’d …)
Masquerade: takes place when one entity pretends to be a
different entity.
 For example: authentication sequences can be captured and
replayed after a valid authentication sequence has taken place,
thus enabling an authorized entity with few privileges to
obtain extra privileges by impersonating an entity that has
those privileges.
 It is similar to phishing: an attempt to gain personal/financial
information from an individual, usually by posing as a genuine
entity.
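The replay described above works because a captured authentication sequence is still valid later. The following added example (not from the slides) shows the standard mitigation: a challenge-response login in which the server issues a fresh random nonce per attempt and consumes it on use, so a captured response can neither be replayed nor presented as another user. The shared key, user names and timings are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret for the demonstration (not from the slides).
SHARED_KEY = b"demo-shared-secret-not-for-production"


def compute_response(key: bytes, user: str, nonce: bytes) -> bytes:
    """Client side: bind proof of the key to this user and this fresh nonce."""
    return hmac.new(key, user.encode() + nonce, hashlib.sha256).digest()


class Server:
    """Issues one-time challenges and refuses any response that reuses a nonce."""

    def __init__(self, key: bytes, nonce_ttl: float = 60.0):
        self.key = key
        self.nonce_ttl = nonce_ttl
        self.pending = {}   # nonce -> time it was issued
        self.used = set()   # nonces already consumed (would need expiry in production)

    def issue_challenge(self, now: float) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending[nonce] = now
        return nonce

    def verify(self, user: str, nonce: bytes, response: bytes, now: float) -> bool:
        issued = self.pending.pop(nonce, None)
        if issued is None or nonce in self.used:
            return False              # never issued, or already consumed: a replay
        self.used.add(nonce)          # consume it even if the checks below fail
        if now - issued > self.nonce_ttl:
            return False              # stale challenge
        expected = compute_response(self.key, user, nonce)
        return hmac.compare_digest(expected, response)


def demo():
    """Legitimate login succeeds; replaying the captured exchange does not, nor does
    presenting the captured response against a fresh challenge as a privileged user."""
    server = Server(SHARED_KEY)
    t = 1000.0
    nonce = server.issue_challenge(t)
    captured = compute_response(SHARED_KEY, "alice", nonce)   # what an eavesdropper sees
    first = server.verify("alice", nonce, captured, t + 1)
    replay = server.verify("alice", nonce, captured, t + 2)
    fresh = server.issue_challenge(t + 3)
    impersonate = server.verify("admin", fresh, captured, t + 4)
    return first, replay, impersonate


if __name__ == "__main__":
    print(demo())   # (True, False, False)
```

The nonce is bound into the HMAC together with the user name, so the captured value proves nothing about any other challenge or any other identity; the `used` set is what closes the replay window for the same challenge.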
Pharming: redirection of legitimate Web traffic (e.g.,
browser requests) to an illegitimate site for the purpose
of obtaining private information.
Sniffers: a program and/or device that can monitor
data travelling over a network. Sniffers can be used
both for legitimate network management functions
and for stealing information from a network.
Types of Attacks
Generally we have 2 types of attacks:
1. Active
2. Passive
1. Active attacks
Active attacks involve some modification of the data stream
or the creation of a false stream.
Types of Attacks(Cont’d …)

2. Passive attacks
 Passive attacks are in the nature of eavesdropping on, or
monitoring of, transmissions.
 The goal of the opponent is to obtain information that is being
transmitted.
Types of Attacks(Cont’d …)
Threats to information security

 A threat is an object, person, or other entity that represents a
constant danger to an asset. To make sound decisions about
information security, we have to know the various threats to
information security.
 Acts of human error or failure -- Accidents, employee mistakes
 Compromises to intellectual property -- Piracy, copyright
infringement
 Deliberate acts of espionage or trespass -- Unauthorized access
and/or data collection
 Deliberate acts of information extortion -- Blackmail or information
disclosure
Threats to information security(cont’d…)

 Deliberate software attacks -- Malicious threats (Viruses)
 Deliberate acts of sabotage or vandalism -- Destruction of
systems or information
 Deliberate acts of theft -- Illegal confiscation of information
 Forces of nature -- Fire, flood, earthquake, lightning
 Deviations in quality of service -- ISP/WAN providers
 Technical hardware failures or errors -- Equipment failure
 Technical software failures or errors -- Bugs, code
problems, unknown loopholes
 Technological obsolescence -- Antiquated or outdated
technologies
Malicious Security Threats
 Computer "Viruses" and related programs have the ability to
replicate themselves on an ever increasing number of
computers. They originally spread by people sharing disks.
Now they spread primarily over the Internet (a "Worm").
 Other "Malicious Programs" may be installed by hand on a
single machine. They may also be built into widely
distributed commercial software packages. These are very
hard to detect before the payload activates (Trojan Horses,
Trap Doors, and Logic Bombs).
Taxonomy of Malicious Programs
Malicious Programs
 Need a host program: Trapdoors, Logic Bombs, Trojan Horses, Viruses
 Independent: Bacteria, Worms
Malicious Threats(Cont’d…)

Virus: A program or segment of code that can be loaded
onto your computer without your knowledge and run against
your wishes.
Virus Phases:
I. Dormant phase - the virus is idle
II. Propagation phase - the virus places an identical copy of
itself into other programs
III. Triggering phase – the virus is activated to perform the
function for which it was intended
IV. Execution phase – the function is performed
Malicious Threats(Cont’d…)
Types of Viruses:
1) Parasitic Virus - attaches itself to executable files as part
of their code. Runs whenever the host program runs.
2) Memory-resident Virus - Lodges in main memory as
part of the residual operating system.
3) Boot Sector Virus - infects the boot sector of a disk, and
spreads when the operating system boots up (original DOS
viruses).
4) Stealth Virus - explicitly designed to hide from Virus
Scanning programs.
Malicious Threats(Cont’d…)
Trojan Horses: Are software programs that hide their true
nature and reveal their designed behavior only when
activated.
 When their host executes they cause bad things to happen
(sending your data or password to an attacker over the net)
Fig: Trojan horse Attack. The Trojan horse arrives via e-mail or software such as free games; it is activated when the software or attachment is executed; it then releases its payload, monitors computer activity, installs a back door, or transmits information to the hacker.
Malicious Threats(Cont’d…)
Back Door or Trap Door:
 Undocumented entry point written into code for debugging
that can also let unwanted users in.
 A Virus or Worm has a payload that installs a backdoor or
trapdoor component in a system, which allows the attacker to
access the system at will with special privileges.
Logic Bomb :
 Malicious code that activates on an event
 Example: Date
Malicious Threats(Cont’d…)
Worm: a program that replicates itself across the network
(usually riding on e-mail messages or attached documents).
 A worm is a malicious program that replicates itself
constantly, without requiring another program to provide a
safe environment for replication.
 Once the worm has infected a computer, it can redistribute
itself to all e-mail addresses found on the infected system.
 Examples of multifaceted attack worms:
 MS-Blaster
 MyDoom
 Netsky
Malicious Threats(Cont’d…)
 Furthermore, a worm can deposit copies of itself onto
all Web servers that the infected systems can reach,
so that users who subsequently visit those sites
become infected.
Bacteria: a “Bacteria” replicates until it fills all disk
space, or CPU cycles.
 Bacteria can continue replicating themselves until
they completely fill available resources, such as
memory, hard drive space, and network bandwidth.
Intrusion Detection
Intruders:
 Refers to hackers or crackers.
 Eg: Masquerade
Intrusion Techniques:
 Techniques for guessing passwords:
• Try default passwords.
• Try all short words, 1 to 3 characters long.
• Try all the words in an electronic dictionary(60,000).
• Collect information about the user’s hobbies, family names,
birthday, etc.
• Try user’s phone number, social security number, street
address, etc.
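Each guessing technique on the slide corresponds to a class of password that a defender can refuse at enrolment time. As an added example (not part of the slides), the checker below screens a candidate password against default credentials, short or dictionary words (with or without a trailing number), and the user's own personal details; the word lists and user fields are constructed for the demonstration, and a real deployment would use a full breached-password corpus.

```python
import re

# Constructed word lists for the demonstration; a real deployment would check against
# a breached-password corpus and the organisation's own default credentials.
DEFAULT_PASSWORDS = {"password", "admin", "123456", "changeme", "welcome", "letmein"}
DICTIONARY = {"sunshine", "dragon", "football", "monkey", "princess", "aksum"}
MIN_LENGTH = 12


def _normalize(text: str) -> str:
    """Lower-case and drop punctuation/spaces so 'Fido!' and 'fido' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_password(password: str, user_info: dict) -> list:
    """Return the guessing techniques from the slide that this password would fall to.
    An empty list means it survives all of them."""
    findings = []
    norm = _normalize(password)
    if password.lower() in DEFAULT_PASSWORDS:
        findings.append("default password")
    if len(password) < MIN_LENGTH:
        findings.append("too short")
    # dictionary word, with or without a trailing number such as 'dragon2024'
    if norm in DICTIONARY or norm.rstrip("0123456789") in DICTIONARY:
        findings.append("dictionary word")
    # personal details: family names, birthday, phone number, street address, ...
    for field, value in user_info.items():
        v = _normalize(str(value))
        if len(v) >= 4 and v in norm:
            findings.append(f"contains personal info ({field})")
    return findings


if __name__ == "__main__":
    print(check_password("Dragon2024!", {}))
    print(check_password("Rover-Fido-0911!", {"phone": "0911000000", "dog": "Fido"}))
    print(check_password("correct-horse-battery-staple", {"phone": "0911000000"}))
```

Rejecting these classes at enrolment removes the cheap guesses first; it complements, rather than replaces, rate limiting and lockout on the login path itself.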
Intrusion Detection(Cont’d …)
Intrusion Detection:
 The intruder can be identified and ejected from the system.
 An effective intrusion detection can prevent intrusions.
 Intrusion detection enables the collection of information about
intrusion techniques that can be used to strengthen the
intrusion prevention facility.
 Statistical anomaly detection:
 Threshold detection
 Profile based
 Signature detection:
 Rule-based anomaly detection
 Rule-based penetration identification
Intrusion Detection(Cont’d …)
Anomaly Detection:
1. Threshold detection :
 checks excessive event occurrences over time
 alone a crude and ineffective intruder detector
 must determine both thresholds and time intervals
2. Profile based :
 characterize past behavior of users / groups
 then detect significant deviations
 based on analysis of audit records
 gather metrics: counter, gauge, interval timer, resource utilization
 analyze: mean and standard deviation, multivariate,
Markov process, time series, operational model
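The two anomaly-detection methods above, as an added example that is not from the slides: threshold detection counts one event type inside a sliding time window, and profile-based detection applies the mean-and-standard-deviation model to a user's past behaviour and flags a new observation by its z-score. The audit records, user names and history values are constructed for the demonstration.

```python
from statistics import mean, pstdev

# Constructed audit records for the demonstration: (timestamp in seconds, user, event).
AUDIT = [
    (0, "bob", "login_fail"), (5, "bob", "login_fail"), (9, "bob", "login_fail"),
    (14, "bob", "login_fail"), (20, "bob", "login_fail"), (31, "bob", "login_fail"),
    (40, "alice", "login_fail"), (100, "alice", "login_ok"),
]


def threshold_detection(records, event, limit, window):
    """Threshold detection: flag a user when `event` occurs more than `limit` times
    inside any `window`-second interval. Both parameters must be chosen by hand,
    which is why the slide calls this crude on its own."""
    per_user = {}
    for ts, user, ev in records:
        if ev == event:
            per_user.setdefault(user, []).append(ts)
    flagged = set()
    for user, times in per_user.items():
        times.sort()
        start = 0
        for end in range(len(times)):            # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 > limit:
                flagged.add(user)
                break
    return flagged


# Constructed profile: files read per session by alice over her past sessions.
HISTORY = {"alice": [12, 15, 11, 14, 13, 12, 16, 14]}


def profile_deviation(history, observed, z_limit=3.0):
    """Profile-based detection with the mean-and-standard-deviation model:
    returns (is_anomalous, z_score) for one new observation against past behaviour."""
    mu = mean(history)
    sigma = pstdev(history)
    if sigma == 0:                               # flat history: any change is a deviation
        return observed != mu, 0.0
    z = (observed - mu) / sigma
    return abs(z) > z_limit, z


if __name__ == "__main__":
    print(threshold_detection(AUDIT, "login_fail", limit=5, window=60))   # {'bob'}
    print(profile_deviation(HISTORY["alice"], 60))
    print(profile_deviation(HISTORY["alice"], 14))
```

Note what each method cannot see: the threshold detector misses a slow guessing campaign spread beyond the window, and the profile model is only as good as the baseline it was trained on, which is why the slide lists several statistical models rather than one.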
Intrusion Detection(Cont’d …)
Signature Detection:
 Observe events on the system and apply a set of
rules to decide if an intruder is attacking.
 Based on two approaches:
1. Rule-based anomaly detection
 analyze historical audit records for expected behavior, then
match with current behavior
2. Rule-based penetration identification
 rules identify known penetrations / weaknesses
 often by analyzing attack scripts from Internet
 supplemented with rules from security experts
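Rule-based penetration identification, as an added example that is not from the slides: a small set of signatures for known attack strings is applied to each web-server log line, after percent-decoding so that a trivially encoded variant still matches. The rules are illustrative and not taken from any real IDS ruleset, and the log lines are constructed for the demonstration.

```python
import re
from urllib.parse import unquote

# Constructed rule set: (name, pattern applied to a percent-decoded log line).
# Illustrative patterns only; they are not taken from any real IDS ruleset.
RULES = [
    ("path traversal in URL", re.compile(r"GET\s+\S*\.\./")),
    ("SQL tautology in query string", re.compile(r"(?i)'\s*or\s+1=1")),
    ("shell metacharacter in parameter", re.compile(r"[?&]\w+=[^&\s]*[;|`]")),
]

# Constructed web-server log lines for the demonstration.
LOG = "\n".join([
    '10.0.0.5 - - "GET /index.html HTTP/1.1" 200',
    '10.0.0.9 - - "GET /../../etc/passwd HTTP/1.1" 404',
    '10.0.0.9 - - "GET /login?user=admin%27%20or%201=1 HTTP/1.1" 200',
    '10.0.0.7 - - "GET /ping?host=10.0.0.1;id HTTP/1.1" 200',
])


def match_signatures(log_text, rules=RULES):
    """Rule-based penetration identification: return (line_number, rule_name) for every
    line that matches a known-attack signature. Lines are percent-decoded first so an
    encoded variant of a known string still hits the rule."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        decoded = unquote(line)
        for name, pattern in rules:
            if pattern.search(decoded):
                hits.append((number, name))
    return hits


if __name__ == "__main__":
    for number, name in match_signatures(LOG):
        print(f"line {number}: {name}")
```

Signature rules only recognise what has already been written down, which is the weakness the slide alludes to when it says the rule set is supplemented by security experts: a new technique, or a known one encoded in a way the decoder does not undo, passes silently until a rule for it exists.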
Social Engineering

Social Engineering:
 It is the process of using social skills to convince people to
reveal access credentials or other valuable information to the
attacker.
 An attacker gets more information by calling others in the
company and asserting his/her authority by mentioning chief’s
name.
 Attackers are conducting social engineering attacks via smart
phones and tablet PCs to gather personal data from
unsuspecting users.
 When those same devices are used to access the corporate
network and its resources, the corporation is at risk.
Social Engineering(Cont’d …)

Social Engineering on Mobile Devices:
 Social engineering attacks can be carried out in a number of
ways on a mobile device.
 Attackers also use social engineering to “sell” illegitimate
applications to users.
 Social engineering techniques are used to convince the user to
download applications.
 The app may be promoted as solving a particular problem or
be associated with a popular movie or other cultural trend to
make it look appealing but it is really the illegitimate one.
//End chap three

The End of ch-3


Q&A
